oss-sec mailing list archives
Re: CVE Request coreutils
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 23 Jan 2013 02:20:00 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/22/2013 02:07 AM, Matthias Weckbecker wrote:
On Monday 21 January 2013 15:59:48 Michael Tokarev wrote:21.01.2013 18:54, Sebastian Krahmer wrote:Hi, Can someone assign a CVE id for a buffer overflow in coreutils? Its the same code snippet (coreutils-i18n.patch) and it affects sort, uniq and join:It's probably worth to mention that these are SuSE-specific and not in upstream, if I understand correctly.Tough to say unless you really looked into every single distribution out there. Just assuming something is dangerous.https://bugzilla.novell.com/show_bug.cgi?id=798538 https://bugzilla.novell.com/show_bug.cgi?id=796243 https://bugzilla.novell.com/show_bug.cgi?id=798541Thanks, /mjtThanks, Matthias
Please use CVE-2013-0221 for SuSE Bug 798538 - VUL-1: coreutils: segmentation fault in "sort -d" and "sort -M" with long line input Please use CVE-2013-0222 for SuSE Bug 796243 - VUL-1: coreutils: segmentation fault in "uniq" with long line input Please use CVE-2013-0223 for SuSE Bug 798541 - VUL-1: coreutils: segmentation fault in "join -i" with long line input - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQ/6tAAAoJEBYNRVNeJnmT+1MP/2Wpws+D7H1woEHxmZEKQIil tHEOi/lEQRHQQFILqL7pIlhOnz2Kv7MC2CzWNviZ8IRzfz2mFFCk/gpqPDn0MbgA KlMLn8lytFq4vsMX0LgfVAJNbG+W+VQYuw54mLu2svenPUys5rzA38tAS6aF9OD7 5qAVnXazqriPOmshFpBNC3HQw0MKJWORco69H7uGDI3fpz29mE1OSezbubaaQB+T x68l8Rzils7e8uuow5fktGV1YoT0+O0FT3KFzkYBOHQLJBZ3UUyZVDkccSpd5o0t /yAVoOpR8QdNXVSD5RiC5SFucKiw2Hhosh4DubqdEFHHAEBHyhAksR1i4ZutROXR 5JUDfnZNKxwO6G2HqoWA2ImlMOcWP7NzYQmi2fsPrDEwggdB894SwciU5R+sjhDy zWhX1dS4qdMqOGVNKq3etWTiPVIEBBC5F6HEEtJEGTjLAodwTU3rSXBpZe9YFM4s h3BWs3pnAqcs+8fFXBAPnN89Y13DgaclIxOPrMrVE+ws3SE3+JO/XUa7PNHfbxlL awkFGjw2IMCG7nkfuEKikfHF0WnrnwxUKc3JkAzY492Q4Rc5f3IZjaF7D6+K8+Jo T45dm+GCbUXuLFZKqobvSyiIdcCP8YCPBufiCzmfWoFiLKPSenrV8YIilXCmWdsc l+6UXRP1n/52ifyH7/mE =5e0x -----END PGP SIGNATURE-----
Current thread:
- CVE Request coreutils Sebastian Krahmer (Jan 21)
- Re: CVE Request coreutils Michael Tokarev (Jan 21)
- Re: CVE Request coreutils Kurt Seifried (Jan 21)
- Re: CVE Request coreutils Matthias Weckbecker (Jan 22)
- Re: CVE Request coreutils Kurt Seifried (Jan 23)
- Re: CVE Request coreutils Moritz Muehlenhoff (Jan 21)
- Re: CVE Request coreutils Vincent Danen (Jan 21)
- Re: CVE Request coreutils Kurt Seifried (Jan 21)
- Re: CVE Request coreutils Sebastian Krahmer (Jan 21)
- Re: CVE Request coreutils Vincent Danen (Jan 22)
- Re: CVE Request coreutils Sebastian Krahmer (Jan 22)
- Re: CVE Request coreutils Vincent Danen (Jan 23)
- Re: CVE Request coreutils Florian Weimer (Jan 22)
- Re: CVE Request coreutils Vincent Danen (Jan 21)
- Re: CVE Request coreutils Michael Tokarev (Jan 21)
- Re: CVE Request coreutils Florian Weimer (Jan 22)